package com.gitblit.auth;

import com.gitblit.Constants;
import com.gitblit.Keys;
import com.gitblit.auth.AuthenticationProvider;
import com.gitblit.models.TeamModel;
import com.gitblit.models.UserModel;
import java.io.File;
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;
import org.jvnet.libpam.impl.CLibrary;

/* loaded from: input_file:com/gitblit/auth/PAMAuthProvider.class */
public class PAMAuthProvider extends AuthenticationProvider.UsernamePasswordAuthenticationProvider {
    public PAMAuthProvider() {
        super("pam");
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public void setup() {
        String[] strArr = {"/etc/shadow", "/etc/master.passwd"};
        File file = null;
        int length = strArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            File file2 = new File(strArr[i]);
            if (file2.exists()) {
                file = file2;
                break;
            }
            i++;
        }
        if (file == null) {
            this.logger.error("PAM Authentication could not find a passwd database!");
        } else {
            if (file.canRead()) {
                return;
            }
            this.logger.error("PAM Authentication can not read passwd database {}! PAM authentications may fail!", file);
        }
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsCredentialChanges() {
        return false;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsDisplayNameChanges() {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsEmailAddressChanges() {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsTeamMembershipChanges() {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsRoleChanges(UserModel userModel, Constants.Role role) {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsRoleChanges(TeamModel teamModel, Constants.Role role) {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public Constants.AccountType getAccountType() {
        return Constants.AccountType.PAM;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public UserModel authenticate(String str, char[] cArr) {
        if (CLibrary.libc.getpwnam(str) == null) {
            this.logger.warn("Can not get PAM passwd for " + str);
            return null;
        }
        PAM pam = null;
        try {
            try {
                pam = new PAM(this.settings.getString(Keys.realm.pam.serviceName, "system-auth"));
                pam.authenticate(str, new String(cArr));
                if (pam != null) {
                    pam.dispose();
                }
                UserModel userModel = this.userManager.getUserModel(str);
                if (userModel == null) {
                    userModel = new UserModel(str.toLowerCase());
                }
                setCookie(userModel);
                userModel.accountType = getAccountType();
                userModel.password = Constants.EXTERNAL_ACCOUNT;
                updateUser(userModel);
                return userModel;
            } catch (PAMException e) {
                this.logger.error(e.getMessage());
                if (pam != null) {
                    pam.dispose();
                }
                return null;
            }
        } catch (Throwable th) {
            if (pam != null) {
                pam.dispose();
            }
            throw th;
        }
    }
}
